name:

(import ../outer-defaults.nix name) // {

  bindMounts."/srv/c3d2" = {
    hostPath = "/srv/ceph/c3d2";
    isReadOnly = false;
  };

  config = { config, pkgs, lib, ... }: {
    imports = [ ../inner-defaults.nix ];

    c3d2 = {
      users.k-ot = true;
      hq.statistics.enable = true;
      hq.yggdrasil.enableGateway = true;
    };

    services.openssh = {
      enable = true;
      allowSFTP = true;
    };

    environment.systemPackages = with pkgs; [ git borgbackup ];

    services.nginx = {
      enable = true;
      package = pkgs.nginx.override {
        modules = with pkgs.nginxModules; [ fancyindex ];
      };
      virtualHosts = {
        "storage-ng.hq.c3d2.de".extraConfig = ''
          server_name storage-ng.hq.c3d2.de;
          return 301 $scheme://storage.hq.c3d2.de$request_uri;
        '';

        "storage.hq.c3d2.de" = {
          default = true;
          http2 = true;
          # addSSL = true;
          locations = {
            "/" = let authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
            in {
              alias = "/srv/c3d2/files/";
              extraConfig = ''
                		auth_basic "Chaos";
                		auth_basic_user_file ${authFile};
                    fancyindex on;
                    # autoindex on;
                    dav_access all:r;
              '';
            };
          };
        };
      };
    };

    networking.interfaces.eth0 = {
      ipv4 = {
        addresses = [{
          address = "172.22.99.20";
          prefixLength = 24;
        }];
        routes = [{
          address = "0.0.0.0";
          prefixLength = 0;
          via = "172.22.99.1";
        }];
      };
    };

    networking.firewall.enable = false;
  };

}